Looking ahead to 2025, it’s time for organizations to put the right tools and processes in place for it … [+]
As we prepare to enter 2025, the cybersecurity landscape is shifting rapidly, driven by advances in quantum computing, the proliferation of IoT and OT devices, and a wave of stringent new regulations.
These forces are reshaping the fabric of digital security. For businesses and governments alike, the key to thriving in this evolving landscape is proactive preparation. Experts across the industry are already charting a path forward to address these emerging challenges.
I recently spoke with experts from Keyfactor and Thales about the emerging trends and think look ahead to 2025—touching on the growing importance of post-quantum cryptography, the imperative for IoT/OT security, new regulatory dynamics, the rise of short-lived certificates , and how certificate and identity management will be critical in protecting the future.
Post-quantum cryptography goes to the fore
Quantum computing is poised to move from an abstract concept to an urgent topic of action in 2025. Unlike traditional computers, quantum systems use quantum bits, allowing them to solve complex mathematical problems exponentially faster – posing a potential risk existential for the current encryption techniques that protect much of today’s digital communications.
Historically, discussion about post-quantum cryptography was often speculative, akin to a distant Y2K. But the urgency is growing. Chris Hickman, Chief Security Officer at Keyfactor pointed out that quantum computing timelines are becoming clearer, with real impacts possible as early as 2029. This means organizations can no longer afford to wait; instead, they should prepare today for a secure quantum tomorrow by investing in crypto-agility – being ready to adapt to quantum-resistant standards as soon as they are needed.
Todd Moore, Vice President of Cryptographic Products at Thales, echoes this sentiment by emphasizing the importance of crypto-agility. “Crypto agility is key to ensuring that once quantum threats become real, organizations can move to new cryptographic standards without major disruption,” Moore noted. This proactive approach will be essential as quantum computing continues to evolve, bringing both opportunities and threats to the forefront of cybersecurity.
IoT and OT security reach critical maturity
The complexity of IoT and OT devices presents unique security challenges. These devices are now ubiquitous – used everywhere from factories to hospitals – and often lack the user interfaces that make traditional security practices viable. As a result, managing certificates for these environments presents distinct obstacles, especially in highly regulated industries.
In 2025, IoT and OT security will be in the spotlight. Especially in critical sectors such as industry and government, a high degree of security is required for device security. Solutions that focus on automated certificate lifecycle management and tailored public key infrastructure deployment are essential to ensure consistency. Customization and consultation are essential, and partnerships that bring industry expertise are driving secure and scalable solutions for these environments.
The Compliance Wave: Regulatory Requirements as a Catalyst for Security
Another important driver of change in 2025 will be regulatory pressure. The European Union’s Cyber Resilience Act, for example, is expected to significantly impact cybersecurity practices, potentially surpassing even the GDPR in terms of its scope. It emphasizes improving product security throughout their lifecycle – requiring businesses to take responsibility for cyber security from the start.
Jordan Rackie, CEO of Keyfactor, points out that compliance is not just about avoiding penalties; it’s about embedding security deep enough that organizations can operate with confidence in this changing landscape. The CRA and similar regulations make it clear that proactive and identity-centric security measures are needed. This includes focusing on public key infrastructure and certificate lifecycle management to ensure all digital assets are covered.
For companies looking to stay ahead of compliance requirements, consolidating their PKI infrastructure and automating upgrades are effective ways to efficiently manage security and meet evolving standards. This proactive stance will help organizations not only stay compliant, but also protect their assets against increasingly sophisticated cyber threats.
Short-lived certificates and crypto-agility as the new normal
Gone are the days when certificates were renewed every few years. As we approach 2025, short-lived certificates will become the new norm, driven by companies like Google and Apple seeking tighter security through shorter certificate validity – 90 days or even as little as 45 days.
Short-lived certifications mean upskilling is essential. “The days of set it and forget it are over,” noted Chris Hickman, highlighting the need for automated and efficient certificate lifecycle management to keep pace with these changes. By investing in crypto-agility—both in infrastructure and processes—organizations can minimize the risks associated with certificate compromise and expiration, thereby reducing the chances of breaches and system outages.
The future will favor organizations that can automate and adapt securely. Solutions that allow rapid deployment, validation and renewal of certificates will be crucial in minimizing exposure to cyber threats. In this way, companies not only meet new security standards, but also increase their ability to respond to evolving cyber threats.
Protecting Critical Infrastructure with Identity Management
Securing critical infrastructure is set to be one of the most pressing challenges in 2025. Digitization of critical services—ranging from power grids to defense systems—brings improved efficiency and real-time monitoring, but also new vulnerabilities. According to the Thales Data Threat Report 2024, 93% of critical infrastructure respondents reported an increase in attacks over the past year. Moore noted that “Identity and access management is increasingly the backbone of critical infrastructure cybersecurity, ensuring that only authorized individuals have access to sensitive systems.”
With threats on the rise, identity and certificate management are no longer optional—they are fundamental to ensuring that only trusted entities interact with sensitive systems. As infrastructure becomes more connected, solutions such as centralized encryption key lifecycle management become essential. IAM, combined with effective encryption management, will play a critical role in securing the essential services that societies depend on.
Convergence of disparate PKI infrastructures—bringing together multiple solutions under one management platform—will also be a priority for many organizations. This convergence will allow greater security coverage and a unified approach, which is vital to protecting critical systems while maintaining efficiency.
Looking ahead: Setting the standard for cybersecurity
The cybersecurity challenges facing organizations in 2025 are significant, but they also present an opportunity to put stronger and more proactive security measures in place. From preparing for quantum threats to embracing IoT/OT security and meeting new regulatory requirements, the emphasis is shifting from reactive measures to building a fundamentally secure infrastructure.
Keyfactor’s Rackie emphasized that preparing for the quantum era and ensuring compliance with new regulations are tasks that require immediate attention. By investing in crypto-agility, automated lifecycle management and identity-first security practices, organizations aren’t just reacting to change—they’re leading it. Proactive engagement with cyber security is not just about protecting against threats; it’s about setting the standard for security excellence and being ready for what comes next.
As the landscape evolves, those who anticipate and prepare for these changes will not only protect their assets, but also thrive in an increasingly digital world. Embracing a secure tomorrow starts with action today. To learn more about how to prepare for these shifts and connect with industry leaders, attend Keyfactor’s Tech Days 2025. Register now and be part of the conversation shaping the future of cybersecurity.